A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

9 月 8 日，Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix（Josh Junon） 因一封钓鱼邮件泄露了账户，攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区，成为开源史上下载量最大的供应链攻击之一。

作者 | Bruno Couriol译者 | 平川Node.js 团队 最近发布了 Amaro v1.0.0，向稳定支持 TypeScript 迈出了重要一步。Amaro 是 Node 官方提供的类型剥离加载器，也是官方.ts 加载的重要基础。长期以来，Node.js 一直缺乏对 TypeScript 的支持，开发者不得不依赖第三方工具链或使用像 Deno 这样的 JavaScript 运行时替代 ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Senyo Simpson discusses how Rust's core ...

If you like Node.js but not its package manager npm, or you want a more secure JavaScript runtime environment than Node.js, you might find the new open source project Deno of interest (the word Deno ...

作者 | Daniel Dominguez译者 | 刘雅梦策划 | 丁晓昀TypeScript，微软的 JavaScript 静态类型超集，已经发布了 TypeScript 5.9 版本，带来了一系列开发者体验改进、新特性和性能优化。TypeScript 5.9 引入了多个特性，包括对延迟导入的支持、通过脚手架标志改进的默认项目设置，以及对 Node.js v20 ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Bun is an ambitious project that is quickly emerging as a drop-in replacement and faster alternative to Node.js. Here's a look at how Bun works and how to use it for your server-side JavaScript ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...